This version takes into account David Miller's comments regarding treatment of security layer errors in the case of socket policies. Specifically, these errors will be treated like how these kind of errors are treated for the main/sub policies, which is to return a full lookup failure.
include/linux/security.h | 24 ++----- include/net/flow.h | 2 include/net/xfrm.h | 3 net/core/flow.c | 42 ++++++++---- net/ipv4/xfrm4_policy.c | 2 net/ipv6/xfrm6_policy.c | 2 net/key/af_key.c | 5 - net/xfrm/xfrm_policy.c | 101 ++++++++++++++++++++++-------- net/xfrm/xfrm_user.c | 9 -- security/dummy.c | 3 security/selinux/include/xfrm.h | 3 security/selinux/xfrm.c | 53 ++++++++++++--- 12 files changed, 162 insertions(+), 87 deletions(-) - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
